Cyber security threats 2017 – how to protect your website

For those of you who thought we were winning the battle against cybercriminals, think again. 2016 saw a huge increase in cyber-attacks, including one of the largest DDoS attacks ever recorded, which made many major websites unreachable for much of a day, mainly on the US east coast. The outlook for 2017 looks just as pessimistic, not only because of an increase in attacks but also because cybercriminals are beginning to exploit a wider range of vulnerabilities.

How will cyber-attacks develop in 2017?

What should concern us most about the predictions for 2017 is not just the increase in the number of cyber-attacks but the change in how they are carried out. Here are some examples of how things may develop in 2017.

Bringing down the internet with a kettle

As was widely reported, October 2016 saw what was then the largest DDoS attack on record, aimed at the DNS provider Dyn, which took some very high-profile services, including Twitter and PayPal, offline for many users. DDoS attacks are nothing new; what made this one different was that it was launched from a botnet of Internet of Things devices. (The Mirai botnet behind it was built mostly from IP cameras, DVRs and home routers rather than fridges or watches, but the point stands: any connected device with a default password is a candidate.)

The attack was so easy to carry out because device owners had not changed the factory-default, easily guessed passwords. Once logged in, the attackers infected the devices with malware that enrolled them in the botnet used to launch the DDoS attack.

What is worrying is that most IoT products on the market are just as exposed and can be turned against any business. Until manufacturers and security firms close this gap, the door is wide open for criminals.

Cyber criminals to use machine learning

According to the McAfee Labs 2017 Threats Predictions report, cybercriminals are now using machine learning to select victims for Business Email Compromise (BEC) scams, in which fraudulent emails are used to con employees into transferring company funds into the criminals' accounts.

BEC scammers rely on social engineering, and machine learning improves their ability to pick the right targets and manipulate them. The tools needed for this analysis are easy to obtain, as is the publicly available data needed to build and train the models.

McAfee expects easy access to machine learning to increase both the number of social engineering attacks in 2017 and their success rate. These attacks are also likely to be aimed at even more high-profile targets: business executives, CEOs, finance directors and so on.

Bad ads to deliver malware

Techniques developed by advertisers to get their ads past ad-blocking software are being adopted by cybercriminals as a way to distribute malware. The same tricks that let an ad load and run its scripts in the page without the user's consent also let an attacker's script run. According to McAfee, in 2017 malware distributors will use these techniques to massively increase the number of drive-by malware downloads onto the devices of unsuspecting users.

Going for hardware

With the security industry focused on protecting software, 2017 will see cybercriminals turn their attention to hardware and firmware. A compromised component below the operating system undermines the security of everything running on top of it, and since software-level security cannot see it, let alone remove it, the only real fix is often to replace the hardware itself. That can obviously put some businesses at financial risk.

McAfee predicts that hardware and firmware attacks will be used much more in 2017, mainly by state-sponsored attackers, who have the capability to exploit systems running legacy firmware as well as the firmware in solid-state drives, network cards and Wi-Fi devices.

Ransomware to peak in 2017

Ransomware has grown from just over 2 million attacks in the first quarter of 2014 to almost 9 million in the third quarter of 2016, and the rise is set to continue until at least the first half of 2017. One reason is the number of ways criminals can get hold of the software: you can buy Ransomware-as-a-Service, purchase bespoke ransomware on the dark web, or build your own from open-source ransomware code.

The focus of ransomware is also expected to shift during 2017, with more attacks on phones and other mobile devices. McAfee also expects DDoS to be used as a way to extort businesses that run in the cloud.

The good news is that a concerted effort across the security industry during 2017 is expected to tackle ransomware, which McAfee believes will see attacks level off in the second half of the year. That does not mean companies can be complacent.

10 tips to secure your system in 2017

To defend against the increased threat of hacking in 2017, we highly recommend you take the following steps:

1. Update to the latest versions of your software

Vulnerable legacy software is an open window to cybercriminals, who have the web scanning tools at hand to find companies running old versions. Updating to the latest version closes the known, patched vulnerabilities and stops attackers exploiting them on your system. It does nothing about flaws that have not been fixed yet, so updating is necessary but not sufficient.

If you can, enable auto-update. It saves time and worry. Managed hosting is also a good way to ensure this is done for your operating system and server software.

2. Keep up to date with developers' guidelines

For improved security, always follow your software vendors' guidelines for keeping their application secure. To make sure the procedures you have in place are current, sign up for their security announcement emails. This also helps when a vulnerability is disclosed and you need to act quickly.

3. Switch to HTTPS with site-wide TLS

Last year we encouraged people to enable site-wide HTTPS to encrypt the traffic between the server and the client, so that attackers cannot use 'man in the middle' attacks to steal personal data, card details and passwords in transit.

One correction to what many hosting guides still say: SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are not two independent options, and TLS does not 'split' the encrypted data between servers. TLS is the successor to SSL; it encrypts the whole connection with keys negotiated for that session, so an intercepted connection yields nothing readable. Every version of SSL is now considered insecure (SSL 3.0 is broken by the POODLE attack, SSL 2.0 is worse) and should be disabled on the server. What people still call an 'SSL certificate' is simply the X.509 certificate the server presents during the TLS handshake.

HTTPS is HTTP over TLS. Configure your server to accept TLS 1.2 (and TLS 1.3 where your software supports it) and to refuse SSL 2.0 and SSL 3.0 outright; TLS 1.0 and 1.1 are deprecated and should be phased out as soon as your clients allow.
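A quick way to verify that a server really refuses the old protocol versions is to offer each version on its own with `openssl s_client` and see which handshakes succeed. The script below is an added example, not code from the original post; it assumes an OpenSSL command line tool in $PATH and takes the host name and port as parameters.

```shell
#!/bin/sh
# Protocol-version audit of an HTTPS server with `openssl s_client`.
# Added example, not from the original post. Assumes an OpenSSL
# command line tool in $PATH; host name and port are parameters.

# Classify one s_client run from its captured output.
#   0 = handshake succeeded      ("New, TLSv1.2, Cipher is ...")
#   1 = server refused the version ("New, (NONE), Cipher is (NONE)"
#       or a handshake-failure alert)
#   2 = this openssl build cannot even offer that version
handshake_result() {
    out="$1"
    case "$out" in
        *"nknown option"*|*"no protocols available"*) return 2 ;;
        *"Cipher is (NONE)"*)                         return 1 ;;
        *"Cipher is "*)                               return 0 ;;
        *)                                            return 1 ;;
    esac
}

# Offer exactly one protocol version (flag such as -tls1_2) to host:port.
probe_version() {
    host="$1"; port="$2"; flag="$3"
    out=$(openssl s_client -connect "$host:$port" -servername "$host" \
              "$flag" </dev/null 2>&1)
    handshake_result "$out"
}

# Probe every version and report which ones the server accepts.
# SSL 3.0, TLS 1.0 and TLS 1.1 should be rejected; TLS 1.2 (and 1.3)
# should be accepted. Anything else is printed as a FINDING.
tls_audit() {
    host="$1"; port="${2:-443}"
    for v in ssl3 tls1 tls1_1 tls1_2 tls1_3; do
        rc=0
        probe_version "$host" "$port" "-$v" || rc=$?
        case "$v" in
            tls1_2|tls1_3) want=accepted ;;
            *)             want=rejected ;;
        esac
        case "$rc" in
            0) got=accepted ;;
            1) got=rejected ;;
            *) got=untestable ;;
        esac
        if [ "$got" = untestable ]; then
            printf '%-7s %s (this openssl build cannot offer it)\n' "$v" "$got"
        elif [ "$got" = "$want" ]; then
            printf '%-7s %s\n' "$v" "$got"
        else
            printf '%-7s %s FINDING: should be %s\n' "$v" "$got" "$want"
        fi
    done
}

# Usage: tls_audit www.example.com 443
```

A modern OpenSSL is often built without SSL 3.0 support, or refuses to offer TLS 1.0 at its default security level; the script reports those versions as untestable rather than silently calling them rejected, because a client that cannot speak a version tells you nothing about whether the server accepts it.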

4. Enable intrusion prevention systems

Host-based intrusion prevention can be configured to protect some of your applications and is included in cPanel and Plesk. Fail2ban, for example, ships with Plesk: it watches log files for repeated failures from one client address (failed logins, scanner probes) and adds a temporary firewall block for that address, and it comes with predefined rulesets that cover WordPress login attempts.
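To make concrete what such a ruleset does, here is the detection logic run over sample log lines, plus the equivalent Fail2ban filter and jail. This is an added example, not from the original post or the Fail2ban project: it assumes Apache's "combined" log format, that a failed wp-login.php POST returns HTTP 200 (the form is shown again) while a successful one returns a 302 redirect, and the threshold and file paths are assumptions too. The sample log is constructed, not real traffic.

```shell
#!/bin/sh
# Brute-force detection over an Apache access log, the way a Fail2ban
# WordPress filter works. Added example, not from the original post.
# Assumptions: Apache "combined" log format; a failed wp-login.php POST
# returns 200, a successful one 302; threshold and paths are invented.

# Print "IP count" for every client with more than $2 failed login
# attempts in log file $1 (default threshold 5).
wp_bruteforce_ips() {
    logfile="$1"; threshold="${2:-5}"
    awk -v max="$threshold" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { fail[$1]++ }
        END { for (ip in fail) if (fail[ip] > max) print ip, fail[ip] }
    ' "$logfile" | sort
}

# The same rule as a Fail2ban filter plus jail, written to stdout so it
# can be redirected into /etc/fail2ban/ (paths assumed). Fail2ban adds
# what the awk above lacks: a time window (findtime) and the ban itself.
fail2ban_wordpress_config() {
    cat <<'EOF'
# /etc/fail2ban/filter.d/wordpress-login.conf
[Definition]
failregex = ^<HOST> - - \[.*\] "POST /wp-login\.php[^"]*" 200
ignoreregex =

# /etc/fail2ban/jail.d/wordpress-login.conf
[wordpress-login]
enabled  = true
port     = http,https
filter   = wordpress-login
logpath  = /var/log/apache2/*access.log
maxretry = 5
findtime = 600
bantime  = 3600
EOF
}

# Constructed sample log (not real traffic): one address hammering the
# login form, one user who fails twice then succeeds, one normal visitor.
make_sample_log() {
    cat > "$1" <<'EOF'
198.51.100.7 - - [12/Jan/2017:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3741 "-" "python-requests/2.12"
198.51.100.7 - - [12/Jan/2017:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3741 "-" "python-requests/2.12"
198.51.100.7 - - [12/Jan/2017:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3741 "-" "python-requests/2.12"
198.51.100.7 - - [12/Jan/2017:03:14:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3741 "-" "python-requests/2.12"
198.51.100.7 - - [12/Jan/2017:03:14:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3741 "-" "python-requests/2.12"
198.51.100.7 - - [12/Jan/2017:03:14:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3741 "-" "python-requests/2.12"
198.51.100.7 - - [12/Jan/2017:03:14:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3741 "-" "python-requests/2.12"
198.51.100.7 - - [12/Jan/2017:03:14:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3741 "-" "python-requests/2.12"
203.0.113.5 - - [12/Jan/2017:08:02:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3741 "https://www.example.com/wp-login.php" "Mozilla/5.0"
203.0.113.5 - - [12/Jan/2017:08:02:25 +0000] "POST /wp-login.php HTTP/1.1" 200 3741 "https://www.example.com/wp-login.php" "Mozilla/5.0"
203.0.113.5 - - [12/Jan/2017:08:02:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://www.example.com/wp-login.php" "Mozilla/5.0"
192.0.2.1 - - [12/Jan/2017:09:00:00 +0000] "GET /index.php HTTP/1.1" 200 10234 "-" "Mozilla/5.0"
EOF
}

# Usage: make_sample_log /tmp/access.log; wp_bruteforce_ips /tmp/access.log 5
```

With the default threshold only 198.51.100.7 is reported; the legitimate user who mistyped twice is not, which is the balance a jail's maxretry and findtime are there to strike.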

5. Protect your site using the .htaccess file

If you use Apache, you can harden your site simply by making changes to your .htaccess file (provided the virtual host allows overrides). A few lines of directives can block unauthorised access to the database configuration and the admin area while preventing directory listing and direct access to sensitive files.
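An added example of such a file for a WordPress site, not from the original post: it covers the four points above (directory listing, the database credentials in wp-config.php, the admin login, and probes for database admin tools). It assumes Apache 2.4 access-control syntax and an AllowOverride setting that permits Options, AuthConfig and FileInfo; the office address range is an assumption.

```apache
# Added example .htaccess for a WordPress site (not from the original
# post). Requires Apache 2.4 and AllowOverride permitting Options,
# AuthConfig and FileInfo. The address range below is an assumption.

# No directory listings, even where index.php is missing.
Options -Indexes

# Never serve the database credentials, this file, or stray backups.
<FilesMatch "^(wp-config\.php|\.htaccess|.*\.(bak|sql|sql\.gz|log))$">
    Require all denied
</FilesMatch>

# Admin login only from known addresses; everyone else gets 403.
<Files "wp-login.php">
    Require ip 203.0.113.0/24
</Files>

# Answer the usual database-admin probes with 404 rather than 403,
# so scanners learn nothing about what is installed.
RedirectMatch 404 ^/(phpmyadmin|pma|myadmin|adminer)(/|$)
```

On Apache 2.2 the `Require` lines become `Order deny,allow` / `Deny from all` (or `Allow from 203.0.113.0/24`). After editing, run `apachectl configtest` and request wp-config.php from a browser: a 403 is the result you want.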

6. Ensure you use a vulnerability scanner

One way to make sure your site stays protected is to run a vulnerability scanner regularly, not just once. Tools such as MTvScan, which we use at eUKhost, scan your website for outdated software, known vulnerabilities, malware and signs of intrusion. A scanner only reports what it knows how to find, so treat a clean scan as a baseline rather than a guarantee.

7. Back up your data – regularly

Losing your website and data can put you out of business if you cannot recover quickly enough. The best defence is to back up your website files and database regularly, and to keep copies somewhere an attacker who gets into the web server cannot reach. That way, if you are hacked, you can restore the site relatively quickly and inexpensively.

How often you update your site or database determines how often you need to back up. If you sell online and take orders constantly, for example, you may need near-continuous backups so that you do not lose recent sales. Whatever the frequency, test a restore occasionally: a backup that has never been restored is an assumption, not a backup.
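As an added example (not from the original post), the following script does the three things a nightly backup job needs: archive the files and read the archive back as a restore test, dump the database, and prune old copies. The paths, database name, retention count and cron schedule are assumptions, and mysqldump is expected to find its credentials in ~/.my.cnf rather than on the command line.

```shell
#!/bin/sh
# Site backup with restore test, checksum and retention. Added example,
# not from the original post. Paths, database name, retention count and
# schedule are assumptions; mysqldump reads credentials from ~/.my.cnf.

# Archive directory $1 into $2/$3-<stamp>.tar.gz, then read the archive
# back in full: a backup that cannot be listed cannot be restored.
# $4 (UTC timestamp) is optional and mainly useful for testing.
backup_dir() {
    src="$1"; dest="$2"; name="$3"; stamp="${4:-$(date -u +%Y%m%dT%H%M%SZ)}"
    archive="$dest/$name-$stamp.tar.gz"
    mkdir -p "$dest" || return 1
    tar -czf "$archive" -C "$src" . || return 1
    tar -tzf "$archive" >/dev/null || return 1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$archive" > "$archive.sha256"
    fi
    printf '%s\n' "$archive"
}

# Dump one MySQL database next to the file archive. Skipped where
# mysqldump is not installed (a static site, or the test machine).
dump_db() {
    dbname="$1"; dest="$2"; stamp="${3:-$(date -u +%Y%m%dT%H%M%SZ)}"
    command -v mysqldump >/dev/null 2>&1 || return 0
    mysqldump --single-transaction "$dbname" | gzip > "$dest/$dbname-$stamp.sql.gz"
}

# Delete all but the newest $3 archives named $2-*.tar.gz in $1.
# Names carry a UTC timestamp, so a reverse sort orders them
# newest-first without depending on file modification times.
prune_backups() {
    dest="$1"; name="$2"; keep="$3"
    ls -1 "$dest"/"$name"-*.tar.gz 2>/dev/null | sort -r |
        tail -n +"$((keep + 1))" |
        while read -r old; do rm -f "$old" "$old.sha256"; done
}

# Typical nightly job from cron (assumed paths): files, database, then
# retention. Copy /var/backups/site off the server afterwards.
run_backup() {
    backup_dir /var/www/html /var/backups/site www || return 1
    dump_db wordpress /var/backups/site || return 1
    prune_backups /var/backups/site www 14
}
```

The listing step (`tar -tzf`) catches truncated or corrupt archives at the moment they are made, when the source data still exists; the .sha256 file lets you check an offsite copy later with `sha256sum -c`.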

8. Make sure your application firewall is enabled

To protect against cross-site scripting and SQL injection attacks, you need a securely configured web application firewall. It applies a predefined ruleset to each request and blocks HTTP requests that match known attack patterns. It is a safety net in front of the application, not a substitute for fixing the injection flaw in the code.

At eUKhost, our Linux servers have the mod_security application firewall installed on both Plesk and cPanel, giving clients a number of custom rulesets that can be enabled.
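An added example of what "enabled with a ruleset" looks like in ModSecurity 2.x configuration, not from the original post or from cPanel/Plesk (which manage this from the control panel): it turns the engine on, adds two explicit rules that use ModSecurity's libinjection operators against SQL injection and XSS in request parameters, and pulls in the OWASP Core Rule Set as the broader predefined ruleset. The Include and log paths are assumptions.

```apache
# Added example of a minimal ModSecurity 2.x setup (not from the
# original post). Paths are assumptions; ModSecurity >= 2.7.6 is
# needed for the libinjection operators.
<IfModule security2_module>
    # Use DetectionOnly while tuning, then switch to On.
    SecRuleEngine On
    SecRequestBodyAccess On
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Reject any request parameter that parses as SQL or as markup.
    # phase:2 runs after the request body has been read, so POST
    # parameters are covered as well as the query string.
    SecRule ARGS "@detectSQLi" \
        "id:100001,phase:2,t:none,deny,status:403,log,msg:'SQL injection attempt'"
    SecRule ARGS "@detectXSS" \
        "id:100002,phase:2,t:none,deny,status:403,log,msg:'XSS attempt'"

    # The OWASP Core Rule Set supplies the broader predefined ruleset.
    Include /etc/modsecurity/crs/crs-setup.conf
    Include /etc/modsecurity/crs/rules/*.conf
</IfModule>
```

Expect false positives from a content-management system whose editors legitimately post HTML; the audit log records the rule id that fired, and that id can be excluded for the affected URL rather than turning the engine off.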

9. Use a high-performance network firewall

A network firewall is another essential element in protecting your website from sophisticated cyber-attacks. At eUKhost, we use a Next Generation Network Security (NGNS) platform from Fortigate. This enables us to:

  • Identify and control network applications
  • Protect your site from advanced threats
  • Filter unwanted traffic using a web and content policy
  • Improve control of wireless networks
  • Run Intrusion Prevention System (IPS) scans to actively monitor and block signature- and behaviour-based threats
  • Prevent data loss by monitoring behaviour that could lead to it
  • Protect against malware in real time

With its own OS and purpose-built processors, the Fortigate firewall offers advanced threat intelligence to protect your network. It provides end-to-end security throughout the full attack cycle and, according to independent testing cited by the vendor, achieves 99%+ security effectiveness. For ease of use, all monitoring and management can be done from a single-pane-of-glass interface.

10. Forget passwords – use a credential vault

Despite the sophisticated tools used to defend your systems, the Achilles heel of many businesses is weak passwords. Too many businesses do not have strict enough password policies, so staff end up with weak passwords or fail to keep them secret. This exposes you to both internal and external criminals.

One way to stop this is to give users passwords they never see. A credential vault generates long random passwords for each account, rotates them frequently and supplies them to the login on the user's behalf; the user authenticates to the vault, ideally with multi-factor authentication, rather than remembering the password. This removes the risk of a user losing, reusing or giving away the password itself, though it also makes the vault and its login the new high-value target, so they need the strongest protection you have.

Conclusion

2017 is going to see a shift in focus for cybercriminals. As security companies make progress in many areas, attackers will move their efforts to newer targets, including the Internet of Things, drive-by malware distribution through advertising, DDoS ransoms and social engineering. Of course, many will continue to use existing types of attack, so we should not ignore those either.

In addition, there will probably be a few software companies launching products or updates with serious security holes in them, so keep an eye out for zero-day vulnerabilities too.

eUKhost provides a wide range of security measures to protect our clients, including SSL/TLS certificates, website backup, SpamExperts email protection, site monitoring and intrusion protection, MTvScan vulnerability scanning, 24×7 support staff and Fortigate firewalls.

If you are concerned about your organisation's website security or want to know how eUKhost can protect your organisation, get in touch on 0800 862 0380.

Translated from: https://www.eukhost.com/blog/webhosting/cyber-security-threats-2017-how-to-protect-your-website/
